Hackers Find Ways to Attack

It seems to me there is a large disconnect of how a hacker does their work. There are lot of youtube videos with hackers showing how they have hacked something. How can hackers seemingly get in complicated defenses? (not all hackers are criminal in nature)

The following shows some of the combinations within a type of garage door opener (shown in youtube snapshot below) Notice the bit switches (up and down where the combination can be set to 000000000000 up to 111111111111)

Samy has figured out that there are only 4096 combinations with 12 binary code digits in the garage door opener.

Now it is easy to do it, just buy it from somebody who already built it. The problem is that if one can see this “exploit” on YouTube then others can recreate this hack easier than it took for Samy since he left a trail of breadcrumbs

It is true that an unsophisticated “lock” of 12 bits was used to ‘secure’ the garage door mechanism, this is a fault of the garage door manufacturers, but is it really a good idea to post the method of how to break it online?

So imagine the level of sophistication for hackers has increased exponentially, therefore the hacker is developing more sophisticated hacks and selling his inventions for more money to less scrupulous people. This is where we are today.

What happened in 2005? The criminal element in Russia was able to convert a few hackers into their workers, and from then on it was just more mayhem. If you remember spam was just annoying in the early 2000’s, whereas now it is downright dangerous with multiple phishing campaigns and APT (Advanced Persistent threats) campaigns.

The other side of the coin (the defense) is that some people are just not patching and performing IT functions properly. which of course makes the attackers job easier.

Performing IT functions everyday causes many things, including a sense of if it is not broken don’t touch it.

But in Security you may be liable with no upgrades even if the device “is not broken” and need to upgrade with a new Operating System, which may break your apps.

So Security is really counter intuitive from normal IT functions, this is why a lot of companies are not understanding fundamental security issues.

I am not sure if you got a better idea of the hacker mindset with the example above. Needless to say the criminal hacker has no ethics, they will attack you, work out technical problems and attack while you are asleep. the goal being to make more money (not to show you a new trick).

In fact the national news are consistently showing this with the Chinese hackers attacking our government without a response. The Chinese goal has nationalistic aspirations.

Although I must say the only definitive attributable attack to China was the Mandiant report: